Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
Typically in AWS environment, we use CodePipeline as the orchestrator to build, test and deploy our application/service. But in some scenario such as deploying static websites, we may just need to achieve simple continuous deployment. In these cases, we don’t need the full blown deployment pipeline for staging and approval process. We can simply use […]
Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
Next.js is the React Framework that helps deploying a static website or dynamic website with server side rendering. This post will illustrates how to host a simple React application on AWS S3 using Next.js framework. Node.js is required. Setup Next.js project npm init next-app This command will ask couple simple questions including project name & […]
AWS File gateway, running as a VM server locally, can act as a NFS or SMB file share to actually store your files at AWS S3. Your on-premise machines can then connect and mount the file share to access data stored at S3 as if they are available locally. This can be a great first […]
The post looks at some options moving forward for developing applications using React/Angular/Vue with ASP.NET Core. Each option has it’s own advantage and short comings depending on the application requirements. SpaServices & NodeServices going away SpaServices and NodeServices become deprecated, starting at .NET Core 3.1. And they will be removed when .NET 5 arrives. .NET […]
Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
There are different ways to transfer installation files or VMs over to ESXi server. You can do it over the network or you can do it using USB. Although ESXi server does not directly support file transfer through USB, there are steps we can do to achieve that. We will be going over the a […]
CDK stands for Cloud Development Kit. It defines cloud infrastructure in code and provisions resources through AWS CloudFormation. This post will demonstrate how to setup and execute a simple CDK application to create a AWS S3 Static Website. Prerequisites Node.js >= 10.3.0 Python 3 configured AWS CLI with read/write access to S3 service Install AWS […]
Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute in which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps. It achieves high performance by generating static files for your React application. This post will illustrates how to host a simple React application on AWS S3 using Gatsby framework. Node.js is required. Setup Gatsby First install the gatsby […]
AWS Route 53 is a highly available DNS service offered by Amazon. It also serves as domain registrar where you can register and manage your domain registration. It’s competitive and reliable. The post illustrates how to transfer a domain registration to Route 53 if you want to use it to manage your domains. Step 1: […]
We discussed how to view PDF files more safely a while back. Most of the time we only need to read PDF files. But once in a while, we want to combine pages from different PDF files into a single PDF file. There are quite a bunch of websites that offer merging PDF files online. […]
Fact: Simply opening an infected PDF file can get your device compromised. Need: to open PDF files more safely. PDF probably is the most commonly used format to facilitate exchange of electronic copy of documents. We share content using PDFs all over the web, through emails. And we receive our statements, bills, invoices from our providers. […]
VM: Jarbas 1 Goal: Obtain root shell Approach: solve without automated exploitation tools Target Discovery nmap -sn 192.168.172.200-254 Port Scanning nmap -p- -A 192.168.172.238 Port 22: OpenSSH 7.4 Port 80: Apache httpd 2.4.6 Port 3306: mysql (MariaDB) port 8080: http (Jetty 9.4.z-SNAPSHOT) Enumeration First browse through the main website which found nothing of interests. All […]
What happen when your home Internet is down and won’t be available for a while? Internet has become part of our daily life. Many of our activities involve Internet access. From gaming, online shopping, banking, searching for information and etc. Simply put, it’s really inconvenience and tough when home Internet is not available. I once […]
Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Jenkins Script Console Explanation: Jenkins management console is available without login and resulted in code execution through the Script Console Privilege Escalation Vulnerability: Weak master password of keepass file Explanation: keepass is used to store credentials including some administrative credentials. However, weak password is used to […]
Target IP: 10.10.10.114 Exploitation Summary Initial Exploitation Vulnerability: Security through obscurity Explanation: Credentials are obscured in javascript function within the website. Privilege Escalation Vulnerability: sudo git pull Explanation: hook script for post-merge can be defined to perform code execution as root Enumeration nmap -p- -A -T4 10.10.10.114 TCP 22: OpenSSH 7.6p1 TCP 80: nginx Initial […]
Target IP: 10.10.10.110 Exploitation Summary Initial Exploitation Vulnerability: Command execution on /api/brew.py Explanation: The api script is testing ABV parameter to ensure value is less than or equal to 1.0. However eval function is used that allows code injection. Privilege Escalation (user) Vulnerability: critical information stored in git Explanation: ssh private key is stored in […]
Jarvis is a retired vulnerable machine available from HackTheBox. The machine maker is manulqwerty & Ghostpp7, thank you. It has a Medium difficulty with a rating of 4.9 out of 10. I think it’s somewhat between easy & medium. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal is […]
Typically in AWS environment, we use CodePipeline as the orchestrator to build, test and deploy our application/service. But in some scenario such as deploying static websites, we may just need to achieve simple continuous deployment. In these cases, we don’t need the full blown deployment pipeline for staging and approval process. We can simply use […]
Mirai is a retired vulnerable machine available from HackTheBox. The machine maker is Arrexel, thank you. It is a pretty easy machine with a difficulty rating of 3.7 out of 10. No automated tools are required to solve the machine. Kali Linux is used to carry out the enumeration, exploitation and privilege escalation. The goal […]
Next.js is the React Framework that helps deploying a static website or dynamic website with server side rendering. This post will illustrates how to host a simple React application on AWS S3 using Next.js framework. Node.js is required. Setup Next.js project npm init next-app This command will ask couple simple questions including project name & […]
AWS File gateway, running as a VM server locally, can act as a NFS or SMB file share to actually store your files at AWS S3. Your on-premise machines can then connect and mount the file share to access data stored at S3 as if they are available locally. This can be a great first […]
Exploitation Summary Initial Exploitation Vulnerability: SQL Injection vulnerability of CMS Made Easy Explanation: CMS Made Easy version 2.2.9.1 has a SQL Injection vulnerability that results in exposure to login id and password hash Privilege Escalation Vulnerability: Hijack Command Execution by Path Interception Explanation: A writable bin folder exists in the execution search PATH and is […]
There are different ways to transfer installation files or VMs over to ESXi server. You can do it over the network or you can do it using USB. Although ESXi server does not directly support file transfer through USB, there are steps we can do to achieve that. We will be going over the a […]
CDK stands for Cloud Development Kit. It defines cloud infrastructure in code and provisions resources through AWS CloudFormation. This post will demonstrate how to setup and execute a simple CDK application to create a AWS S3 Static Website. Prerequisites Node.js >= 10.3.0 Python 3 configured AWS CLI with read/write access to S3 service Install AWS […]
Exploitation Summary Initial Exploitation Vulnerability: Backdoor Command Execution of UnrealIRCD Explanation: A malicious backdoor was added to UnrealIRCD version 3.2.8.1 Privilege Escalation Vulnerability: suid executable viewuser Explanation: It can execute as root and is looking for another command to execute in which we can exploit Enumeration nmap -p- -A -T4 10.10.10.117 TCP 22: OpenSSH 6.7p1 […]
Gatsby is a free and open source framework based on React that helps developers build blazing fast websites and apps. It achieves high performance by generating static files for your React application. This post will illustrates how to host a simple React application on AWS S3 using Gatsby framework. Node.js is required. Setup Gatsby First install the gatsby […]
AWS Route 53 is a highly available DNS service offered by Amazon. It also serves as domain registrar where you can register and manage your domain registration. It’s competitive and reliable. The post illustrates how to transfer a domain registration to Route 53 if you want to use it to manage your domains. Step 1: […]
Exploitation Summary Initial Exploitation Vulnerability: Remote code execution via Magento Explanation: Magento has couple remote code execution vulnerabilities allowing admin account creation and then code execution through admin account Privilege Escalation Vulnerability: sudo vi capability Explanation: shell can be obtained through vi Enumeration nmap -p- -A -T4 10.10.10.140 TCP 22: OpenSSH 7.2p2 Ubuntu TCP 80: […]